Dependency list export API
- Tier: Ultimate
- Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
Every call to this endpoint requires authentication.
Create a dependency list export
Create a new CycloneDX JSON export for all the project dependencies detected in a pipeline.
If an authenticated user does not have permission to read_dependency, this request returns a 403 Forbidden status code.
SBOM exports can only be accessed by the export’s author.
POST /projects/:id/dependency_list_exports
POST /groups/:id/dependency_list_exports
POST /pipelines/:id/dependency_list_exports
Attribute | Type | Required | Description |
---|---|---|---|
id | integer | yes | The ID of the project, group, or pipeline that the authenticated user has access to. |
export_type | string | yes | Format of the export. See export types for a list of accepted values. |
send_email | boolean | no | When set to true, sends an email notification to the user who requested the export when the export completes. |
curl --request POST --header "PRIVATE-TOKEN: <private_token>" "https://gitlab.example.com/api/v4/pipelines/1/dependency_list_exports" --data "export_type=sbom"
The created dependency list export is automatically deleted after 1 hour.
Example response:
{
  "id": 2,
  "status": "running",
  "has_finished": false,
  "export_type": "sbom",
  "send_email": false,
  "self": "http://gitlab.example.com/api/v4/dependency_list_exports/2",
  "download": "http://gitlab.example.com/api/v4/dependency_list_exports/2/download"
}
Export types
Exports can be requested in different file formats. Some formats are only available for certain objects.
Export Type | Description | Available for |
---|---|---|
dependency_list | A standard JSON object that lists the dependencies as key-value pairs. | Projects |
sbom | A CycloneDX 1.4 bill of materials | Pipelines |
json_array | A flat JSON array that contains component objects. | Groups |
csv | A comma-separated values (CSV) document. | Projects, Groups |
Get single dependency list export
Get a single dependency list export.
GET /dependency_list_exports/:id
Attribute | Type | Required | Description |
---|---|---|---|
id | integer | yes | The ID of the dependency list export. |
curl --header "PRIVATE-TOKEN: <private_token>" "https://gitlab.example.com/api/v4/dependency_list_exports/2"
The status code is 202 Accepted when the dependency list export is being generated, and 200 OK when it’s ready.
Example response:
{
  "id": 4,
  "has_finished": true,
  "self": "http://gitlab.example.com/api/v4/dependency_list_exports/4",
  "download": "http://gitlab.example.com/api/v4/dependency_list_exports/4/download"
}
Download dependency list export
Download a single dependency list export.
GET /dependency_list_exports/:id/download
Attribute | Type | Required | Description |
---|---|---|---|
id | integer | yes | The ID of the dependency list export. |
curl --header "PRIVATE-TOKEN: <private_token>" "https://gitlab.example.com/api/v4/dependency_list_exports/2/download"
The response is 404 Not Found if the dependency list export is not finished yet or was not found.
Example response:
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "serialNumber": "urn:uuid:aec33827-20ae-40d0-ae83-18ee846364d2",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "vendor": "Gitlab",
        "name": "Gemnasium",
        "version": "2.34.0"
      }
    ],
    "authors": [
      {
        "name": "Gitlab",
        "email": "support@gitlab.com"
      }
    ],
    "properties": [
      {
        "name": "gitlab:dependency_scanning:input_file",
        "value": "package-lock.json"
      }
    ]
  },
  "components": [
    {
      "name": "com.fasterxml.jackson.core/jackson-core",
      "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.2",
      "version": "2.9.2",
      "type": "library",
      "licenses": [
        {
          "license": {
            "id": "MIT",
            "url": "https://spdx.org/licenses/MIT.html"
          }
        },
        {
          "license": {
            "id": "BSD-3-Clause",
            "url": "https://spdx.org/licenses/BSD-3-Clause.html"
          }
        }
      ]
    }
  ]
}
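The create, poll, and download calls above chained into one workflow, as an added example that is not part of the GitLab documentation. The function names, the injectable `call` transport, the `interval` and `max_polls` parameters, and treating any 2xx on creation as success are assumptions of this sketch; the host is the placeholder used on this page.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

API = "https://gitlab.example.com/api/v4"  # placeholder host from this page


def http_call(method, url, token, data=None):
    """Send one request and return (status, body) without raising on 4xx/5xx."""
    body = urllib.parse.urlencode(data).encode() if data else None
    req = urllib.request.Request(url, data=body, method=method,
                                 headers={"PRIVATE-TOKEN": token})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def export_pipeline_sbom(pipeline_id, token, call=http_call,
                         interval=5.0, max_polls=120, sleep=time.sleep):
    """Create an sbom export for a pipeline, wait for it, return the parsed BOM."""
    exports = f"{API}/pipelines/{pipeline_id}/dependency_list_exports"
    status, body = call("POST", exports, token, {"export_type": "sbom"})
    if status == 403:
        raise PermissionError("authenticated user lacks read_dependency")
    if not 200 <= status < 300:  # assumption: any 2xx means the export was created
        raise RuntimeError(f"export creation failed: HTTP {status}")
    # Build URLs from API and the returned id rather than following the response's
    # self/download links, so the token is only ever sent to the HTTPS host above.
    export = f"{API}/dependency_list_exports/{int(json.loads(body)['id'])}"
    for _ in range(max_polls):
        status, _body = call("GET", export, token)
        if status == 200:  # 200 OK: ready; 202 Accepted: still being generated
            break
        if status != 202:
            raise RuntimeError(f"unexpected polling status: HTTP {status}")
        sleep(interval)
    else:
        raise TimeoutError(f"export not ready after {max_polls} polls")
    status, body = call("GET", f"{export}/download", token)
    if status != 200:  # 404 here means not finished or not found
        raise RuntimeError(f"download failed: HTTP {status}")
    bom = json.loads(body)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("downloaded document is not a CycloneDX BOM")
    return bom
```

Because the export is deleted after 1 hour, download it as soon as polling returns 200 OK instead of keeping the export ID for later use.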